FEDORA-2016-24316f1f56

security update in Fedora 24 for curl

Status: stable 2 years ago
  • fix re-using connections with wrong client cert (CVE-2016-5420)
  • fix TLS session resumption client cert bypass (CVE-2016-5419)
  • fix use of connection struct after free (CVE-2016-5421)

How to install

sudo dnf upgrade --advisory=FEDORA-2016-24316f1f56

Comments 9

This update has been submitted for testing by kdudka.

This update has been pushed to testing.

Services depending on libcurl appear to start normally.

karma: +1 critpath: +1

works for me

karma: +1

This update has been submitted for stable by bodhi.

works for me

karma: +1

Thanks for feedback!

This update has been pushed to stable.

Works for me.

karma: +1 critpath: +1

Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

Does the system's basic functionality continue to work after this update?
#1362183 CVE-2016-5419 curl: TLS session resumption client cert bypass
#1362190 CVE-2016-5420 curl: Re-using connection with wrong client cert
#1362199 CVE-2016-5421 curl: Use of connection struct after free
#1363642 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 curl: various flaws [fedora-all]
Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
medium
Karma
+4
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 4

00 #1362183 CVE-2016-5419 curl: TLS session resumption client cert bypass
00 #1362190 CVE-2016-5420 curl: Re-using connection with wrong client cert
00 #1362199 CVE-2016-5421 curl: Use of connection struct after free
00 #1363642 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 curl: various flaws [fedora-all]

Automated Test Results